Mayvin

Data Protection

In order to fulfil our contract with you, we will process certain personal information relating to participants enrolled in our programmes. Therefore, this Privacy Notice provides an overview on how we use your participant information, as well as your rights over any personal information we hold, and how to make a complaint. This Privacy Notice has been updated in February 2019 in compliance with the General Data Protection Regulation.

How we use personal data?

The personal data or personal information of participants will be used in order to deliver the programme you are participating in and potentially analysed collectively for programme evaluation purposes. As a data controller we may obtain, use, process and disclose personal data about each participant. Where the programme is accredited by the University of Chichester we will act as Data Controllers and they will act as our Data processors unless otherwise notified.

Your information will be stored within the United Kingdom or European Union countries. Some of our systems require your personal data to be stored in a third country. We will only do this when that third country can provide sufficient and adequate measures to protect your personal data. We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements. We are required by legislation to retain your data where we have ceased to act for you. However, in order to perform any contractual obligations and to comply with our legitimate interest it is our policy that participants’ personal data will be kept for as long as you remain our clients and for a period of five years thereafter.

Who do we share personal information with?

Participants’ personal information will only be disclosed to their employer/sponsor, where applicable, or shared with the University of Chichester for the Accreditation process. Also, to work with you, we may sub-contract consultancy work to our Associate Consultants, and therefore transfer participants’ personal data to them where we regard this as being in our legitimate interest. In addition, we work with a range of third-party service providers, such as psychometric assessment providers and IT professionals. We have Data Processor agreements in place with all providers, individuals/organisations, to ensure they process our clients’ personal data appropriately and securely.

In some cases, we may suggest participant contact information is shared between the programme cohort members. This will be by consent and you may object or choose not to share your details with other participants.

Where a group of participants is contacted together, such as for joining instructions in advance of a workshop, all participants will be BCC in emails unless prior consent has been obtained from all to share contact details.

What type of information do we collect?

Personal information

Commonly, the kind of personal Information that will be processed is participant’s full name, job title, email, telephone number, organisation name. However, in the course of the programme, some sensitive information might be freely disclosed by a participant, such as information related to their physical, physiological, genetic, mental, economic, cultural or social identity. For example, you might share such information as part of a piece of personal reflection in the context of developing your professional practice.

Information for accreditation

Where a programme is accredited we will also collect the following additional information in order to register participants as students with the University of Chichester: Title, First Name, Last Name, Email Address, Date of Birth, Highest academic qualification to date, Department, Home Address, Home postcode, Contact telephone number, Nationality, Any disclosed disability, Ethnicity.

Recordings and images

In some cases, we will photograph, video or audio record training sessions for the purpose of evaluation or documenting the programme. Where we invite participants to join an online session or call using video conferencing software, such as Zoom, we will often wish to record these sessions in order to keep a record of the discussions or to allow an absent participant to listen to the call which means your image and voice will be recorded. You will always be informed when a session is going to be recorded and you will have the option to object or not take part. Recordings are subject to our standard document retention policies, however, unless there is a reason for holding on to a recording for longer, it will typically be deleted after 30 days.

Psychometrics and diagnostics

We may also invite people to complete questionnaires e.g. for psychometric instruments or for 360 feedback. Participants will be provided with relevant privacy statements and will be asked to provide consent to their data being processed for these purposes. We will only use diagnostic and psychometric tools from third party providers with existing data privacy statements, policies and procedures.

Evaluation data

Information such as photos, individual projects and work submitted for assessment, and psychometric data may be processed for evaluation purposes. This process will ensure individual data is anonymized and unidentifiable unless agree by prior consent from the participant. We would use this type of participant data in order to fulfil our contract of an agreed evaluation process with the organisation.

How do we secure personal information?

• Implementing access controls to our information technology, encryption of emails, firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information;
• Anonymization or pseudonymisation of sensitive data;
• We have obtained Cyber Essentials status which is a Government-backed, industry-supported scheme that help organisations protect themselves against common online threats.

Data Privacy rights

Right to Access and Rectification

Participants have the right to access the personal information we hold about them, This is called a 'Subject Access Request'. If we agree that we are obliged to comply with a subject access request, we will provide it to the participant or whoever is acting on behalf of the participant free of charge. Before providing personal information to them or another person on their behalf, we may ask for proof of identity and sufficient information about their interactions with us so that we can locate their personal information. If any of the personal information we hold about them is inaccurate or out of date, they may ask us to correct it.

Right to erasure

participants have the right to request us to delete or remove their personal data where there is no compelling reason for its continued processing, although, this can only be done under specific circumstances.

Right to object or restrict the processing

Participants have the right to restrict data processing where they believe their data is inaccurate or it has been unlawfully processed, however, this can only be done under specific circumstances. They also have the right to object to the processing, which means they can ask us to stop processing their personal data for direct marketing at any time, you can do this by opting out.

Right to Data Portability

In certain circumstances participants have the right to receive the personal data they have provided to us in a structured, commonly used and machine-readable format. We can transmit this data directly to them or to another company.

Contact us

If you have any concerns please contact your Client Relationship Director, Tony Nicholls (tony.nicholls@mayvin.co.uk), or if you would like to exercise any of the rights as outlined above, please contact dataprotectionlead@mayvin.co.uk

File a complaint

If you are not happy with how we have managed your personal information you can lodge a complaint directly to the Information Commission Officer (ICO) at https://ico.org.uk/global/contact-us